How to spot a phishing attack
Social engineering is when cyber criminals manipulate people into giving up confidential information. This might be usernames, passwords, or other personal information like bank card details, dates of birth, or where you live.
A phishing attack is form of social engineering. It looks like an email or message that appears to be sent by someone you know, or a company you trust. However, really it’s been sent by cyber criminals who are impersonating that person or company. They hope that you will reply to their message, or will try to trick you into logging into a fake website or sending them sensitive or confidential information.
What might a phishing attempt look like?
Well it could look like something you’d normally encounter on a computer.
It could be through a message, or a friend request, or an advert. And this is called phishing, with a ph. They’re trying to fish some information from you, or have you click on something.
It’s not going to look dramatic like it might in a movie, your screen probably isn’t suddenly going to go red with a scary face and message. It’ll be much more personal, more human.
Spotting a phishing email
The National Cyber Security Centre have published these tell tale signs that could indicate a phishing attempt:
- Authority – They make themselves seem important, and trustworthy. They might pretend they know you, or your manager. They might be imitating someone you would normally trust. They might pretend to be from your bank, or a government department.
- Urgency – To build pressure or distress. They might set a deadline, or rush you into doing something – so you don’t have time to think about it clearly. Criminals often threaten you with fines or other negative consequences. They might threaten to close your account. Or they might say you need to contact them immediately to sort a problem
- Emotion – Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more. They’ll threaten you with something you probably really care about or make you want something.
If you spot one or more of these things – it might make you suspicious. Think of this as your checklist for spotting a social engineering attack